How to attack DevOps. Defence. Checklists
1. How to attack DevOps. 2. How to defend. 3. Service config checklists.
DevSecOps Guides
Threat Intelligence
Guides for DevSecOps
Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat
..new ransomware-as-a-service (RaaS) provider. In addition to offering ransomware services.. which is compatible with three major platforms: Windows, Linux, and macOS. Technical deep-dive research.
Uptycs
Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat
The Uptycs threat intelligence team identified the presence of a Cyclops ransomware/stealer that threatens all three platforms: Windows, Linux, and macOS.
Offensive Bookmarks
I haven’t checked it; it is quite possible that it contains some nonsense :) .. whoever checks it, let me know later plz
— https://github.com/kargisimos/offensive-bookmarks
GitHub
GitHub - kargisimos/offensive-bookmarks: A collection of bookmarks for penetration testers, bug bounty hunters, malware developers…
A collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics. - kargisimos/offensive-bookmarks
Bypassing Defender with ThreatCheck & Ghidra
— https://offensivedefence.co.uk/posts/threatcheck-ghidra/
offensivedefence.co.uk
Bypassing Defender with ThreatCheck & Ghidra
Intro It should come as no surprise when payloads generated in their default state get swallowed up by Defender, as Microsoft have both the means and motivation to proactively produce signatures for open and closed source/commercial tooling. One tactic to…
Forwarded from Sys-Admin InfoSec
When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers
Detailed analysis revealed Command & Control (C2) connections using Discord for communication.
https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
P.S. Malicious domains with Cobalt Strike C2 and Remcos C2 are already blocked in OpenBLD.net DNS
www.r-tec.net
When Hackers hack the Hackers
In this post, the malware analysis process, as well as attacker activities and Indicators of Compromise (IoCs) are presented.
Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC)
https://www.numencyber.com/cve-2023-29336-win32k-analysis/
Numen
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Analyzing CVE-2023-29336 Win32k vulnerability, its exploitation, and mitigation measures in the context of evolving security practices.
toxssin
An XSS exploitation command-line interface and payload generator:
https://github.com/t3l3machus/toxssin
GitHub
GitHub - t3l3machus/toxssin: An XSS exploitation command-line interface and payload generator.
An XSS exploitation command-line interface and payload generator. - t3l3machus/toxssin
Skuld: The Infostealer that Speaks Golang
This new malware strain tries to steal sensitive information from its victims..:
https://www.trellix.com/en-us/about/newsroom/stories/research/skuld-the-infostealer-that-speaks-golang.html
Trellix
Skuld: The Infostealer that Speaks Golang
In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide. The malware targets sensitive information stored in certain applications, such as Discord and web browsers, and the Windows…
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
— https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/
dirkjanm.io
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
Many modern enterprises operate in a hybrid environment, where Active Directory is used together with Azure Active Directory. In most cases, identities will be synchronized from the on-premises Active Directory to Azure AD, and the on-premises AD remains…
Forwarded from Sys-Admin InfoSec
Open SysConf'23 ⚡ Day X: 16 September (Saturday)
Guys and girls, the Open SysConf'23 meetup takes place on 16 September (Saturday) 2023.
Zip up your flies, button up your blouses, iron your shoelaces and your hair (those who have some), and get ready for the meetup on this wonderful and, I am sure, in every respect sunny day ☀️
Perhaps what our meetup is missing is your talk..?
— Speaker registration form
Venue: to be determined. Location: Kazakhstan, Almaty.
Peace to all ✌️
Fake Security Researcher GitHub Repositories Deliver Malicious Implant
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
PyRDP:
https://github.com/GoSecure/pyrdp
GitHub
GitHub - GoSecure/pyrdp: RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or…
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact - GoSecure/pyrdp
CONPRO2023.pdf
2.1 MB
De-Anonymizing Users’ Geographical Data on the Strava Heatmap
BlackLotus Mitigation Guide from NSA
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
Aqua
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
Millions of GitHub repositories are potentially vulnerable to RepoJacking, which if exploited may lead to code execution on environments